When Justin Trudeau was in opposition, he voted for Canada's PATRIOT Act but promised to fix it; instead he's making it much, much worse

From the Boing Boing Shop

Follow Us

Back in 2015, Canada's failing, doomed Conservative government introduced Bill C-51, a far-reaching mass surveillance bill that read like PATRIOT Act fanfic; Justin Trudeau, leader of what was then a minority opposition party, whipped his MPs to vote for it, allowing it to pass, and cynically admitting that he was only turning this into law because he didn't want to give the Conservatives a rhetorical stick to beat him with in the next election -- he promised that once he was Prime Minister, he'd fix it.

Now the Trudeau government has introduced Bill C-59, which is meant to correct those deficits. Instead, it makes them far, far worse. A new white-paper jointly authored by the University of Toronto's Citizen Lab (previously) and the University of Ottawa's CIPPIC (previously< far and away Canada's leading authorities on internet policy, reveals the incredible array of powers C-59 will grant to the Communications Security Establishment -- Canada's answer to the NSA -- an agency already notorious for conducting unconstitutional mass surveillance under colour of a secret interpretation of Canadian law. Secret laws, of course, have no place in a democracy.

C-59 will allow CSE to buy software defects from hackers, and, rather than repairing them, it allows them to weaponise them, putting Canadians at risk as they continue to run unpatched software that liable to attack by foreign powers and criminals. The law allows C-59 to use these cyberweapons even to the point of causing "death or bodily harm" and interfering with the "course of justice or democracy." It expands CSE's mandate, allowing it to work within Canada, and to target Canadians.

At the same time as it creates these terrifying powers, C-59 establishes no meaningful oversight or transparency.

The white paper has a set of 14 exhaustive, sensible recommendations for fixing these deficits, creating a balance that will allow Canada's spy agency to act to defend the Canadian people, government and industry, but without letting them run rampant and continue the recklessness and abuses that have been so characteristic of western spy agencies in the 21st century.

Remember that even if you like Trudeau and trust him to wield these powers wisely, the powers will survive his government and be handed over to the next one, and the next. The last Conservative leadership race showed us that Canada is by no means immune to Trumpism, and it's a foolish bet to believe that these powers will only be in the hands of people you agree with.

Recommendation 1: Amend section 9 of the National Security and Intelligence Review Agency Act to clarify that the NSIRA is entitled to access documents in the possession or under the control of any department, including all documents originating from foreign governments, their respective intelligence agencies, and international bodies — despite any limitation imposed by those foreign bodies or by “originator control.”

Recommendation 2: Amend section 48 of the National Security and Intelligence Review Agency Act to prohibit the secretariat from engaging in direct hiring from intelligence and national security agencies, and to impose a reasonable time limitation for prospective secretariat employees who have been employed by those agencies in the past.

It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.

A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks.

When it comes to redesigning or renovating a living space, envisioning changes before they occur can be tricky for most. Thankfully, the web is home to tools that can remove some of the guesswork, like Live Home 3D Pro for Mac. This app lets you create detailed and furnished floor plans for everything from sheds and […]

For many startups and fledgling businesses, web hosting — and the fees associated with it — can take a sizeable chunk out of the company budget and limit growth down the road. But, that’s not to say there aren’t hosts out there who can get your site online while staying within your budget. Arch Hosting is a […]

The web is a big place, but it’s by no means infinite where domain names are concerned. New domain seekers, in particular, are feeling the burn as .com domain names become increasingly saturated, forcing many to choose a second-rate domain name or rename their brand entirely.Opting for a .tech domain not only affords you a […]